\documentclass{article}

\usepackage{pdfpages}
\usepackage{amsfonts, amsmath, amssymb, amsthm}
\usepackage{enumerate}
\usepackage{listings}
\usepackage{subcaption}
\usepackage[shortlabels]{enumitem}
\usepackage[pagebackref=true,breaklinks=true,colorlinks,bookmarks=false]{hyperref}


\begin{document}

\section{SQL injection}

To avoid SQL injection, you should not build SQL commands yourself.

To access database, you may try \footnote{cite: Lecture 08 slide p.46.}
\begin{itemize}
  \item
  Parameterized (a.k.a. Prepared) SQL
  \item
  ORM (Object Relational Mapper)
\end{itemize}

\section{XSS}

To avoid cross site scripting, you should consider
\begin{itemize}
  \item apply a stronger filter or adopt a `positive' security policy that only allow content in the whitelist.\footnote{cite: Lecture 08 slide p.57.}
  \item apply Content Security Policy to restrict valid sources of scripts.\footnote{cite: Lecture 08 slide p.57-62.}
\end{itemize}

\section{CSRF}

To avoid cross-site request forgery, you may use Referer Validation to ensure that request are not sent from some other domain. You may add a dynamic secret validation token to your forms to ensure that your user get the form before their post request.\footnote{cite: Lecture 08 slide p.27-30.}

Further, you may use sameSite cookies to avoid cookie being abused by the attacker.\footnote{cite: Lecture 08 slide p.31.}

\end{document}
